Storing Validation Parameters in PKCS#8


Abstract 


This memo describes a method of storing parameters needed for 
private-key validation in the Private-Key Information Syntax 
Specification as defined in PKCS#8 format (RFC 5208). It is equally 
applicable to the alternative implementation of the Private-Key 
Information Syntax Specification as defined in RFC 5958. 


The approach described in this document encodes the parameters under 
a private enterprise extension and does not form part of a formal 
standard. 


Status of This Memo 


This document is not an Internet Standards Track specification; it is 
published for informational purposes. 


This is a contribution to the RFC Series, independently of any other 
RFC stream. The RFC Editor has chosen to publish this document at 
its discretion and makes no statement about its value for 
implementation or deployment. Documents approved for publication by 
the RFC Editor are not candidates for any level of Internet Standard; 
see Section 2 of RFC 7841. 


Information about the current status of this document, any errata, 
and how to provide feedback on it may be obtained at 
https://www.rfc-editor.org/info/rfc8479. 


Copyright Notice 


Copyright (c) 2018 IETF Trust and the persons identified as the 
document authors. All rights reserved. 


This document is subject to BCP 78 and the IETF Trust’s Legal 
Provisions Relating to IETF Documents 
(https://trustee.ietf.org/license-info) in effect on the date of 
publication of this document. Please review these documents 
carefully, as they describe your rights and restrictions with respect 
to this document. 
1. Introduction


RSA or DSA private keys generated using the Shawe-Taylor prime 
generation algorithm described in [FIPS186-4] allow for parameter 
validation, i.e., they verify whether the primes are actually prime 
and were correctly generated. That is done by generating the 
parameters from a known seed and a selected hash algorithm. 


Storing these parameters in a private-key format such as the RSA 
Private-Key Syntax from PKCS#1 [RFC8017] or common representations 
for DSA private keys does not allow information needed for validation 
to be attached to the parameters. The purpose of this document is to 
describe such a method using the Private-Key Information Syntax 
Specification as defined in [RFC5208] and the alternative 
specification described in [RFC5958]. 


The approach described in this document encodes the parameters under 
a private enterprise extension and does not form part of a formal 
standard. The encoding can be used as is or as the basis for a 
standard at a later time. 


2. ValidationParams Attribute 


The information related to the validation parameters is stored as an 
attribute in the PrivateKeyInfo structure. The attribute is 
identified by the id-attr-validation-parameters object identifier and 
contains as AttributeValue a single ValidationParams structure. 


id-attr-validation-parameters OBJECT IDENTIFIER ::=
    {1 3 6 1 4 1 2312 18 8 1}


ValidationParams ::= SEQUENCE {
    hashAlgo OBJECT IDENTIFIER,
    seed OCTET STRING
}


The algorithm identifier in ValidationParams should be a hash 
algorithm identifier for the methods described in [FIPS186-4]. The 
ValidationParams sequence must be DER encoded [ITU-T-X690]. 
3. Example Structure


The following structure contains an RSA key generated using the
algorithm from Section B.3.3 of [FIPS186-4], with SHA2-384 hash. The
seed used is
8af4328c87bebcec31e303b8f5537effcb6a91d947084d99a369823b36f01462 (hex
encoded).


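The attribute from Section 2, encoded and strictly parsed as DER, as an added example that is not part of RFC 8479. It assumes the NIST SHA-384 OID 2.16.840.1.101.3.4.2.2 as the hashAlgo value, reuses the seed quoted above, and all function names are hypothetical.

```python
# Added example, not RFC text. Names such as encode_attributes are hypothetical.
ATTR_OID = "1.3.6.1.4.1.2312.18.8.1"   # id-attr-validation-parameters (Section 2)
SHA384_OID = "2.16.840.1.101.3.4.2.2"  # NIST id-sha384; assumed hashAlgo value
SEED = bytes.fromhex("8af4328c87bebcec31e303b8f5537effcb6a91d947084d99a369823b36f01462")

def tlv(tag, body):  # one DER TLV with a minimal definite length
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def enc_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                 # base-128, high bit on all but last
        while arc := arc >> 7:
            chunk.insert(0, 0x80 | (arc & 0x7F))
        out += bytes(chunk)
    return tlv(0x06, bytes(out))

def encode_attributes(hash_oid, seed):
    params = tlv(0x30, enc_oid(hash_oid) + tlv(0x04, seed))   # ValidationParams
    attr = tlv(0x30, enc_oid(ATTR_OID) + tlv(0x31, params))   # Attribute
    return tlv(0xA0, attr)               # attributes [0] IMPLICIT SET OF Attribute

def read_tlv(buf, tag):  # split one TLV off buf, enforcing DER length rules
    if len(buf) < 2 or buf[0] != tag:
        raise ValueError("unexpected tag")
    n, off = buf[1], 2
    if n & 0x80:
        k = n & 0x7F
        n, off = int.from_bytes(buf[2:2 + k], "big"), 2 + k
        if k == 0 or len(buf) < off or n < 0x80 or buf[2] == 0:
            raise ValueError("length is not DER")
    if len(buf) < off + n:
        raise ValueError("truncated")
    return buf[off:off + n], buf[off + n:]

def decode_attributes(der):  # -> (hash OID content bytes, seed); one attribute only
    attr, r1 = read_tlv(read_tlv(der, 0xA0)[0], 0x30)
    oid, values = read_tlv(attr, 0x06)
    value_set, r2 = read_tlv(values, 0x31)
    params, r3 = read_tlv(value_set, 0x30)        # exactly one ValidationParams
    hash_oid, tail = read_tlv(params, 0x06)
    seed, r4 = read_tlv(tail, 0x04)
    if r1 or r2 or r3 or r4 or tlv(0x06, oid) != enc_oid(ATTR_OID):
        raise ValueError("not a lone validation-parameters attribute")
    return hash_oid, seed
```

The parser rejects indefinite and non-minimal lengths because Section 2 requires the ValidationParams sequence to be DER encoded.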


4. Compatibility Notes


For compatibility, it is recommended that implementations following
this document support generation and validation using the SHA2-384
hash algorithm.


The extension defined in this document is applicable both to the
Private-Key Information Syntax Specification (PKCS#8) [RFC5208] and
to Asymmetric Key Packages [RFC5958].


Mavrogiannopoulos Informational [Page 4] 


RFC 8479 


Storing Validation Parameters in PKCS#8 September 2018 


5. Security Considerations 


All the considerations in [RFC5208] and [RFC5958] apply. 


6. IANA Considerations 


This document has no IANA actions. 
Appendix A. ASN.1 Module


This appendix provides non-normative ASN.1 definitions for the 
structures described in this specification using ASN.1 as defined in 
[ITU-T-X680] and [RFC5912]. 


PrivateKeyValidationAttrV1
  { iso(1) identified-organization(3) dod(6) internet(1)
    private(4) enterprise(1) 2312 18 11 }


DEFINITIONS IMPLICIT TAGS ::=
BEGIN
-- EXPORTS ALL
IMPORTS
ATTRIBUTE
  FROM PKIX-CommonTypes-2009 -- [RFC5912]
    { iso(1) identified-organization(3) dod(6) internet(1)
      security(5) mechanisms(5) pkix(7) id-mod(0)
      id-mod-pkixCommon-02(57) } ;

-- PrivateKeyInfo is defined in [RFC5208].


-- This definition adds the validation parameters attribute
-- to the set of allowed attributes.


PrivateKeyInfo ATTRIBUTE ::= {
  at-validation-parameters, ... }


at-validation-parameters ATTRIBUTE ::= {
  TYPE ValidationParams
  IDENTIFIED BY id-attr-validation-parameters }


id-attr-validation-parameters OBJECT IDENTIFIER ::=
  { 1 3 6 1 4 1 2312 18 8 1 }


ValidationParams ::= SEQUENCE {
  hashAlg OBJECT IDENTIFIER,
  seed OCTET STRING }


END 